gozi_ifsb | 4cdf2ef504ef70b2e6008a86997450d643d2a42acbb90876ce28858c172c4c34 | Triage

Submit
Reports

Overview

overview

Static

static

4cdf2ef504...34.exe

windows7_x64

4cdf2ef504...34.exe

windows10-2004_x64

3

Sharing

General

Target

4cdf2ef504ef70b2e6008a86997450d643d2a42acbb90876ce28858c172c4c34
Size

455KB
Sample

220712-fe7dgabfgl
MD5

cac2eaa37b36f498f29843590fca272e
SHA1

8d2259cdfc35ac1fe8a0e6e723b2fdcc2dd1d805
SHA256

4cdf2ef504ef70b2e6008a86997450d643d2a42acbb90876ce28858c172c4c34
SHA512

7eab5424897adfd35929215baba831651c6784d8ce0ec02df38a7aeb091e354178f2d05c4586de845f486f44ee58359831cf3e94ae21a3995d8ec8e5eac71bfa

Score

10^/10

gozi_ifsb banker persistence trojan

Static task

static1

Behavioral task

behavioral1

Sample

4cdf2ef504ef70b2e6008a86997450d643d2a42acbb90876ce28858c172c4c34.exe

Resource

win7-20220414-en

gozi_ifsb banker persistence trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

4cdf2ef504ef70b2e6008a86997450d643d2a42acbb90876ce28858c172c4c34.exe

Resource

win10v2004-20220414-en

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

gozi_ifsb

Attributes

build
214963

Targets

- Target
  
  4cdf2ef504ef70b2e6008a86997450d643d2a42acbb90876ce28858c172c4c34
- Size
  
  455KB
- MD5
  
  cac2eaa37b36f498f29843590fca272e
- SHA1
  
  8d2259cdfc35ac1fe8a0e6e723b2fdcc2dd1d805
- SHA256
  
  4cdf2ef504ef70b2e6008a86997450d643d2a42acbb90876ce28858c172c4c34
- SHA512
  
  7eab5424897adfd35929215baba831651c6784d8ce0ec02df38a7aeb091e354178f2d05c4586de845f486f44ee58359831cf3e94ae21a3995d8ec8e5eac71bfa
Score

10^/10

gozi_ifsb banker persistence trojan
- Gozi, Gozi IFSB
  Gozi ISFB is a well-known and widely distributed banking trojan.
  banker trojan gozi_ifsb
- Executes dropped EXE
- Deletes itself
- Loads dropped DLL
- Unexpected DNS network traffic destination
  Network traffic to other servers than the configured DNS servers was detected on the DNS port.
- Adds Run key to start application
  persistence
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

gozi_ifsbbankerpersistencetrojan

behavioral2

© 2018-2024

Terms | Privacy